short note on-firewall, types of firewall,

---------------------------------------------------------------------------------------------------------------------------

packet filtering,

1. Packet Filter:

 A packet filter firewall (figure 1) examines packets up to the network layer and can only filter
packets based on the information that is available at the network layer.
 The information at this layer includes the source IP address, the destination IP address, the
source port, the destination port, and the TCP flag bits. Such a firewall can filter packets based on
ingress or egress, that is, it can have different filtering rules for incoming and outgoing packets.
 A packet filter receives packets and passes them through a set of rules, if they match the rules
then accept or reject.

Figure 1

 The primary advantage of a packet filter is efficiency. Packets only need to be processed up to
the network layer and only header information is examined, the entire operation is very efficient.
 Packet filters are configured using access control lists (ACLs).The disadvantages are the
firewall has no concept of state, so each packet is treated independently of all others. A packet
filter can't examine a TCP connection. A packet filter firewall is blind to application data where
viruses and other malware reside.

2. Stateful Packet Filter:

 A stateful packet filter (figure 2) adds state to a packet filter firewall which means that the firewall
keeps track of TCP connections and can remember UDP connections as well.
 A stateful packet filter operates at the transport layer, since it is maintains information about
connections.
Figure 2

 The primary advantage of a stateful packet filter is that it adds all the features of a packet filter
and it also keeps track of ongoing connection. This prevents many attacks, such as the TCP ACK
scan.
 The disadvantages of a stateful packet filter are that it cannot examine application data and is
slower than a packet filtering firewall since more processing is required.

3. Application Proxy:

 A proxy means acting on your behalf of something. An application proxy firewall processes
incoming packets all the way up to the application layer.
 The firewall (figure 3) acting on your behalf then verifies the packet that appears to be legitimate
and also verifies that the actual data inside the packet is safe.
 One interesting feature of an application proxy is that the incoming packet is destroyed and a new
packet is created in its place when the data passes through the firewall. This looks like a minor
and insignificant but it is actually a security feature.
Figure 3

 The primary advantage of an application proxy is that it has a complete view of connections and
application data.
 The application proxy can filter bad data at the application layer while also filtering bad packets at
the transport layer.
 The disadvantage of an application proxy is speed. Since the firewall is processing packets to the
application layer, examining the resulting data, maintaining state, etc., it is doing a great deal
more work than packet filtering firewalls.

4. Personal Firewall:

 A personal firewall is used to protect a single host or a small network such as a home network.
Home users need to use firewall to protect their system from outside network.
 Using a separate firewall system would be expensive. To tackle this problem personal firewall are
used.
 A personal firewall is an application program that runs on a work station to block unwanted traffic
from network. It can complement the work of conventional firewall by screening the kind of data a
single host will accept. It may be used to enforce certain policies.

Parameters Packet Filters Stateful Filters Application Personal

Proxy Firewall

1.Scans Addresses and Addresses or data Full data potion Full data portion
service protocol type of packet of packet

2.Screening Based on connection Based on Based on proxy Based on

rules information across behaviour information in the
packets head or data of
packet

3.Addressing Complex addressing Preconfigured Proxies User accepts the

Rules tools making addressing that substitute addresses
its,configuration tricky detects attack complex
signatures addressing
4.Auditing Difficult to audit Audit is possible Can audit Does the audit
difficulty activity activity

5.Complexity Simple Complex Most Complex Simple

 Any of the packet filter, stateful filter or application proxy can be used which are simpler for the
sake of efficiency.
 Example: Users may decide that certain sites such as computers on company network are highly
trustworthy but most other sites are not.
 It is general practice to combine virus scanner with a personal firewall. A user may forget to run
virus scanner daily. The combination of virus scanner and personal firewall is both effective and
efficient.

Comparison:

---------------------------------------------------------------------------------------------------------------------------

session layer functions,

The session layer defines how to start, control and end conversations (called sessions) between
applications. This includes the control and management of multiple bi-directional messages using
dialogue control. It also synchronizes dialogue between two hosts' presentation layers and manages their
data exchange. The session layer offers provisions for efficient data transfer.

Functions of Session Layer are:

1. Creating a connection – session/communication session between an APPLICATION in one

computer and another APPLICATION in another computer

2. Managing multiple sessions

i. A computer can establish multiple sessions with several other computers

ii. Two computers can also establish multiple sessions

3. Ending a session

4. The session layer is responsible for dialog control and synchronization.

-----------------------------------------------------------------------------------------------------------------------------
transport layer functions-tcp/ip, udp protocol,

 Connection-oriented communication
 Byte orientation
 Reliability
 Flow control
 Congestion avoidance

A majority of the internet uses a protocol suite called the Internet Protocol Suite also

known as the TCP/IP protocol suite. This suite is a combination of protocols which

encompasses a number of different protocols for different purpose and need. Because the

two major protocols in this suites are TCP (Transmission Control Protocol) and IP (Internet

Protocol), this is commonly termed as TCP/IP Protocol suite. This protocol suite has its own

reference model which it follows over the internet. In contrast with the OSI model, this

model of protocols contains less layers.

Figure: Comparative depiction of OSI and TCP/IP Reference Models

This model is indifferent to the actual hardware implementation, i.e. the physical layer of

OSI Model. This is why this model can be implemented on almost all underlying

technologies. Transport and Internet layers correspond to the same peer layers. All three

top layers of OSI Model are compressed together in single Application layer of TCP/IP

Model.

Internet Protocol Version 4 (IPv4)

Internet Protocol is one of the major protocols in the TCP/IP protocols suite. This protocol

works at the network layer of the OSI model and at the Internet layer of the TCP/IP model.

Thus this protocol has the responsibility of identifying hosts based upon their logical

addresses and to route data among them over the underlying network.

IP provides a mechanism to uniquely identify hosts by an IP addressing scheme. IP uses

best effort delivery, i.e. it does not guarantee that packets would be delivered to the

destined host, but it will do its best to reach the destination. Internet Protocol version 4

uses 32-bit logical address.

----------------

The User Datagram Protocol (UDP) is simplest Transport Layer communication protocol

available of the TCP/IP protocol suite. It involves minimum amount of communication

mechanism. UDP is said to be an unreliable transport protocol but it uses IP services which

provides best effort delivery mechanism.

In UDP, the receiver does not generate an acknowledgement of packet received and in

turn, the sender does not wait for any acknowledgement of packet sent. This shortcoming

makes this protocol unreliable as well as easier on processing.

Requirement of UDP
A question may arise, why do we need an unreliable protocol to transport the data? We

deploy UDP where the acknowledgement packets share significant amount of bandwidth

along with the actual data. For example, in case of video streaming, thousands of packets

are forwarded towards its users. Acknowledging all the packets is troublesome and may

contain huge amount of bandwidth wastage. The best delivery mechanism of underlying IP

protocol ensures best efforts to deliver its packets, but even if some packets in video

streaming get lost, the impact is not calamitous and can be ignored easily. Loss of few

packets in video and voice traffic sometimes goes unnoticed.

Features

 UDP is used when acknowledgement of data does not hold any significance.

 UDP is good protocol for data flowing in one direction.

 UDP is simple and suitable for query based communications.

 UDP is not connection oriented.

 UDP does not provide congestion control mechanism.

 UDP does not guarantee ordered delivery of data.

 UDP is stateless.

 UDP is suitable protocol for streaming applications such as VoIP, multimedia

streaming.

----------------------------------------------------------------------------------------------------------------

link state protocol,

ospf,
RIP-distance vector,

count to infinity

, DLL- flow control,

sliding window protocol,

stop and wait protocol,

cables for physical layer

, topologies, routers,

bridges-types,

switches,

cloud computing,

OSI models,

3 way handshake,

encryption-symmetric ans assymmetric,

MAC, DHCP, FTP, SMTP, HTTP,